Shikhil Sharma, Co-Founder & CEO of Astra Security – Interview Series


Shikhil Sharma is the Founder of Astra Security, a continuous pentesting platform. At the very onset of his career, Shikhil consulted many businesses, startups and banks on cyber security. After helping some top businesses secure their websites and apps, Shikhil noted how ineffective traditional pentesting was, and founded Astra Security to help bridge that gap. He deeply cares about building habit-forming products and designing intuitive marketing campaigns.

Astra Security recently raised $2.7 million to revolutionize cybersecurity with AI-Driven pentesting.

Your journey began with consulting businesses and banks on cybersecurity. What gaps did you discover in traditional pentesting that led to the creation of Astra Security?

A conventional pentest is usually done as a point-in-time exercise; it’s always triggered by regulatory requirements or when a vulnerability is suspected, leaving the applications vulnerable to hacks for an extended period between pentests. Traditional pentesting, which is service-driven, often overwhelms customers with 500-page reports stuffed with jargon but lacking actionable insights.

Communication is usually unstructured, leaving stakeholders, developers, CTOs, CISOs, and even pentesters frustrated by the lack of seamless collaboration and clear remediation guidance. With AI increasing the speed at which new code is being pushed into production, the normal penetration testing approach fails to keep up. This led us to create Astra Security, a continuous offensive pentesting platform.

Astra Security aims to make cybersecurity “super easy” for SMEs. How does your approach differ from traditional security solutions out there?

SMEs need easy, effective security that doesn’t slow them down. That’s where Astra Security stands out. Our approach is built around ease of use, automation, actionable insights, and making security continuous at scale. Every few months there’s a brand new acronym of tools, ranging from CSPM, SSPM, CTEM, and ASPM, which mid-sized businesses find difficult to keep up with. At Astra, we provide features from all of those without naming them anything fancy, to keep the platform user-friendly.

Our platform integrates directly into the CI/CD pipeline, providing real-time alerts and guided remediation so teams without dedicated security experts can stay protected.

What are a few of the most progressive AI-driven security measures Astra has developed to remain ahead of cybercriminals?

Astra’s AI-powered offensive security engine is designed to detect, correlate, and remediate vulnerabilities at scale. Our platform constantly scans infrastructure by leveraging AI-driven attack simulations via threat modeling, mimicking real-world hacker tactics to uncover even the most sophisticated threats. We provide a friendly bot, “Astranaut,” which has the context of every vulnerability in the customer’s stack, and helps developers fix vulnerabilities quickly.

Astra Security offers “continuous pentesting.” How does this differ from traditional pentesting, and why is this shift vital?

Astra’s continuous pentesting platform makes security real-time and proactive, unlike traditional one-off tests. Our AI-powered platform constantly scans infrastructure, detects vulnerabilities, and simulates real-world attacks, providing quick alerts, risk prioritization, and AI-driven remediation so developers can fix issues faster. With cyber threats evolving day by day, businesses can’t afford to wait months for the next test. Astra combines AI automation with expert validation, ensuring 24/7 protection and reduced risk exposure.

Your platform has identified over 110,000 vulnerabilities per month. Can you share insights on a few of the most surprising or critical vulnerabilities you’ve discovered?

The actual number of vulnerabilities we discover every month is 200,000+. We still see injection-based attacks like SQL and scripting attacks, which have been around for years, remaining among the top findings on our platform. Surprisingly, broken access control is widespread, with many applications vulnerable to it. We were able to see this at scale after we launched a broken access control scanner module in beta internally. Another thing that surprises us is how often secret keys are unintentionally committed to customer-facing code, from Stripe, Slack, to email service provider keys – we have seen it all.
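One defensive check a team can run before code ships, as an added example that is not Astra’s code: a small scanner for committed secrets of the kind described in the answer above, combining the public Stripe and Slack key prefixes with an entropy test for formats it does not know. The sample lines, the regexes and the entropy threshold are constructed assumptions, not values from the interview.

```python
import math
import re

# High-confidence provider formats (public prefix conventions for Stripe and Slack keys).
PROVIDER_PATTERNS = {
    "stripe_secret_key": re.compile(r"\bsk_(?:live|test)_[0-9A-Za-z]{24,}"),
    "slack_token": re.compile(r"\bxox[bpa]-[0-9A-Za-z-]{10,}"),
}
# Generic fallback: a long, space-free quoted literal; flagged only if its entropy is high.
ASSIGNED_LITERAL = re.compile(r"""['"]([A-Za-z0-9/+_=-]{20,})['"]""")
ENTROPY_THRESHOLD = 3.5  # bits per character; assumed value, tune for your own code base

# Constructed sample lines standing in for a diff; none of these values are real credentials.
SAMPLE_LINES = [
    'STRIPE_KEY = "sk_test_Ab12Cd34Ef56Gh78Ij90Kl12"',                          # provider-format hit
    'SLACK_TOKEN = "xoxb-000000000000-000000000000-AbCdEfGhIjKlMnOpQrSt"',       # provider-format hit
    'AWS_SECRET = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"',                   # generic high-entropy hit
    'stripe_key = os.environ["STRIPE_KEY"]',                                     # safe: read from environment
    'password = "hunter2"',                                                      # too short to be scored
]

def shannon_entropy(s):
    """Bits per character of the string; random-looking keys score well above English words."""
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def redact(value):
    """Keep only a prefix and suffix so the report itself does not leak the secret."""
    return value[:6] + "..." + value[-2:]

def scan_lines(lines):
    """Return (line_no, finding_type, redacted_value) for each suspected committed secret."""
    findings = []
    for no, line in enumerate(lines, start=1):
        provider_hits = [(name, pat.search(line)) for name, pat in PROVIDER_PATTERNS.items()]
        provider_hits = [(name, m) for name, m in provider_hits if m]
        for name, m in provider_hits:
            findings.append((no, name, redact(m.group(0))))
        if provider_hits:
            continue  # already reported with a precise type; skip the generic check
        for m in ASSIGNED_LITERAL.finditer(line):
            if shannon_entropy(m.group(1)) >= ENTROPY_THRESHOLD:
                findings.append((no, "high_entropy_literal", redact(m.group(1))))
    return findings

if __name__ == "__main__":
    for finding in scan_lines(SAMPLE_LINES):
        print(finding)
```

Wiring a check like this into a pre-commit hook or a CI step catches the key before it reaches a customer-facing branch, which is cheaper than rotating it afterwards.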

What role do human security researchers play in Astra’s AI-powered pentesting platform? How do automation and human expertise complement one another?

At Astra, AI automation and Astra’s security experts work hand in hand to deliver precise, actionable, and real-time security assessments. While AI accelerates vulnerability detection and automates attack simulations, our security researchers bring deep context, validation, and progressive evaluation, ensuring no critical flaw goes unnoticed. We believe pentesters now have an even more essential role to play, and no longer need to spend time reporting low-hanging vulnerabilities repeatedly, but can focus more on actual critical potential attacks.

With cloud environments growing in complexity, how is Astra Security evolving to guard modern SaaS and cloud-based infrastructures?

Our platform proactively scans cloud workloads, APIs, and identities, detecting misconfigurations, privilege escalation risks, and real-world attack vectors. Astra ensures businesses can scale securely – without compromising agility – with deep cloud integrations, automated compliance checks, and security embedded into CI/CD pipelines.

Your background includes participating in high-profile bug bounty programs. What was your most memorable vulnerability discovery?

One of my bug bounty journey’s most memorable vulnerability discoveries was identifying a critical authentication bypass and injection attack in a significant marketplace platform. The flaw allowed attackers to access user accounts without valid credentials, potentially exposing sensitive financial data. What made this discovery stand out was its real-world impact—had it been exploited, it could have led to large-scale financial fraud. Responsible disclosure ensured the vulnerability was patched before any damage occurred.

You’re actively involved in cybersecurity and sometimes speak at industry events. What role does community engagement play in shaping Astra’s mission?

Community engagement is essential to Astra’s mission. Interacting with security professionals, developers, and CISOs helps us understand emerging challenges firsthand. These insights directly influence our product innovations, ensuring we build solutions that are not only cutting-edge but also practical, effective, and aligned with industry needs. At Astra, we’ve built The 403 Circle—our exclusive community of 100+ CTOs and CISOs, where security leaders share experiences, exchange insights, and seek guidance from peers on the frontlines of cybersecurity.

Where do you see Astra Security five years from now, and what’s your ultimate vision for its impact on the cybersecurity industry?

Five years from now, Astra will be at the forefront of AI-driven offensive security, making continuous pentesting the industry standard. Our goal is to eliminate the traditional, reactive approach to security by providing businesses with an automated, intelligent security engine that detects, prioritizes, and helps remediate vulnerabilities in real time. Astra will shape the future of proactive cybersecurity, helping businesses move beyond periodic security testing to always-on, AI-powered protection that scales with them.
